Restrict some functions

Hello, I have received C++ source code from an untrusted source. I don't want to modify the source code....but I want to run it under a restrictive mode such that it cannot modify any files already present in my system, nor can it create any files.

Can anyone please help????.....

regards,
proggy
Can you explain further? If it's just source code could you not just read it to see if it is malicious?

Or are you worried about the file itself containing malware? I presume this is the kind of thing you meant when you said 'untrusted source'.
Just read it and see if it does anything weird. If you're too lazy, run it on a virtual machine. If you can't run one, run it on a spare physical system. If you don't have one, there are no more options.
Yeah use something like virtual sandbox to open it with.
vmplayer ( http://www.vmware.com/products/player/ ) and a virtual machine ( http://www.thoughtpolice.co.uk/vmware/#fedora10 ) should do the trick.
It is like.....I am receiving the codes dynamically and as soon as I receive it I compile and run it using another code......

I will explain it like this....

I have written a program which inputs a C++ file, compiles it, runs it and saves the output in another text file..........
Now the program that I wrote receives the files dynamically and thus runs it on its own........
So I cannot open the files which I have received.......

There are two things I don't understand:
a) The point of such a program.
b) Which files can't you open? The output or the received sources?
The point of such a program is to make an online on-the-spot judge for a programming contest.
As the judge is on the spot.....I don't have time to read the source codes....I have to receive the code..judge it for correctness and update the ranklist if the code is correct....

I hope you would have seen online programming contests.......for example....

www.spoj.pl

This site...gives you a list of problems..as soon as you submit a code..it is judged and the result is displayed........

Google is using a feature in Linux called "seccomp" for Google Chrome which severely restricts the system calls a program can make. You might have a look at that.

I would probably start by using a pool of virtual machines with the only writeable partition a ramdisk. Lock down the networking and reboot each VM after every test.
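A sketch of the seccomp suggestion above, added here as an example and not code from any poster in the thread: a Linux-only runner that forks, puts the child into seccomp strict mode (only `read`, `write`, `exit` and `sigreturn` are allowed), and reports whether the kernel killed it. The two "submission" functions and `run_sandboxed` are hypothetical names constructed for the demo; because strict mode also blocks `execve`, a judge that launches a separately compiled binary would need seccomp filter mode instead.

```c
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins for contest submissions (constructed for this demo). */
static void honest_submission(void) {
    static const char answer[] = "42\n";
    ssize_t n = write(STDOUT_FILENO, answer, sizeof answer - 1); /* allowed */
    (void)n;
}

static void hostile_submission(void) {
    /* Opening a file is outside the strict-mode whitelist: SIGKILL here. */
    int fd = open("judge_escape.txt", O_CREAT | O_WRONLY, 0644);
    if (fd >= 0) close(fd);
}

/* Returns 0 on a clean exit, the signal number if the child was killed,
   or -1 if the sandbox could not be set up or the child failed otherwise. */
int run_sandboxed(void (*submission)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(99);
        submission();
        /* glibc's _exit() issues exit_group, which strict mode forbids,
           so the plain exit syscall is invoked directly. */
        syscall(SYS_exit, 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

int main(void) {
    printf("honest:  %d\n", run_sandboxed(honest_submission));
    printf("hostile: %d (SIGKILL is %d)\n",
           run_sandboxed(hostile_submission), SIGKILL);
    return 0;
}
```

The judge process itself stays unrestricted; only the forked child is confined, and a verdict of `SIGKILL` can be recorded as a rule violation.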
Ooooohh...
I see, now.

Yeah, you'll definitely want to run it in a VM.
Right, thank you so much people.......I didn't get that idea from anywhere actually.....was really nice of you all.....would surely come back if I need more help...hope you all don't mind :P

Thanks once again,
regards
proggy